﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data.SqlClient;
using System.Configuration;
using System.Diagnostics;


namespace mpsalary.App_Code
{
    public class User
    {

        public String Salutation { get; set; }
        public String Gender { get; set; }
        public String Occupation { get; set; }
        public String Name { get; set; }
        public String School { get; set; }
        public String Company { get; set; }
        public String DOB { get; set; }
        public String NRIC { get; set; }
        public String Email { get; set; }
        public String Password { get; set; }
        public String MobileNo { get; set; }

        //----------------------------------------
        // create user- when a new user sign up
        //----------------------------------------


        public void CreateUser()
        {
            //INSERT INTO...

            SqlConnection conn = new SqlConnection();
            SqlCommand cmd = new SqlCommand();

            try
            {
                // Executes SQL
                //1.get connection string from db
                conn.ConnectionString = ConfigurationManager.ConnectionStrings["dbConn"].ToString();

                //2.open connection -> command
                conn.Open();
                cmd.Connection = conn;

                //3.take values from textbox and execute sql command

                cmd.CommandText = "INSERT INTO [User](NRIC, Email, Password)VALUES(@NRIC, @Email, @Password)";
                cmd.Parameters.AddWithValue("@NRIC", NRIC);
                cmd.Parameters.AddWithValue("@Email", Email);
                cmd.Parameters.AddWithValue("@Password", Password);
                cmd.ExecuteNonQuery();

                Debug.WriteLine("Sql Command Completed");

            }
            catch (SqlException ex)
            {
                //If there is an error with the database
                throw ex;

            }
            finally
            {
                // no matter what, run this
                conn.Close();

            }

        }


        //----------------------------------------

        // update user- when an update is needed
        //----------------------------------------

        //public void UpdateUser()
        //{
        //    //SELECT FROM ...

        //    SqlConnection conn = new SqlConnection();
        //    SqlCommand cmd = new SqlCommand();

        //    try
        //    {
        //        // Executes SQL
        //        //1.get connection string from db
        //        conn.ConnectionString = ConfigurationManager.ConnectionStrings["dbConn"].ToString();

        //        //2.open connection -> command
        //        conn.Open();
        //        cmd.Connection = conn;

        //        //3.execute sql and read values
        //        cmd.CommandText = "UPDATE STUDENT SET Salutation=(@Salutation),Gender=(@Gender),Occupation=(@Occupation),Name=(@Name),School=(@School),Company=(@Company),DOB=(@DOB),Email=(@Email),Password=(@Password),MobileNo=(@MobileNo)  WHERE NRIC=@NRIC";
        //        cmd.Parameters.AddWithValue("@Salutation", Salutation);
        //        cmd.Parameters.AddWithValue("@Gender", Gender);
        //        cmd.Parameters.AddWithValue("@Occupation", Occupation);
        //        cmd.Parameters.AddWithValue("@Name", Name);
        //        cmd.Parameters.AddWithValue("@School", School);
        //        cmd.Parameters.AddWithValue("@Company", Company);
        //        cmd.Parameters.AddWithValue("@DOB", DOB);
        //        cmd.Parameters.AddWithValue("@Email", Email);
        //        cmd.Parameters.AddWithValue("@Password", Email);
        //        cmd.Parameters.AddWithValue("@MobileNo", MobileNo);
        //        cmd.ExecuteNonQuery();


        //    }
        //    catch (SqlException ex)
        //    {
        //        //If there is an error with the database
        //        throw ex;

        //    }
        //    finally
        //    {
        //        // no matter what, run this
        //        conn.Close();

        //    }
        //}

        public void RetrievePassword()
        {
            SqlConnection conn = new SqlConnection();
            SqlCommand comm = new SqlCommand();

            try
            {
                // Executes SQL
                //        //1.get connection string from db
                conn.ConnectionString = ConfigurationManager.ConnectionStrings["dbConn"].ToString();
                //2.open connection -> command
                conn.Open();
                comm.Connection = conn;

                comm.CommandText = "SELECT Password From [User] Where NRIC = @NRIC";
                comm.Parameters.AddWithValue("@NRIC", NRIC);

                SqlDataReader dr = comm.ExecuteReader();

                //this is to read each row in the database
                while (dr.Read())
                {
                    Password = dr["Password"].ToString();
                }


            }
            catch(SqlException ex)
            {
                //If there is an error with the database
                throw ex;
            }
            finally
            {
                // no matter what, run this
                conn.Close();

            }

        }
        


    }
}